
Bug 583650

Summary: <sys-kernel/gentoo-sources-4.4.19 are affected by CVE-2016-4913 and CVE-2016-3713
Product: Gentoo Security
Reporter: Pacho Ramos <pacho>
Component: Kernel
Assignee: Gentoo Kernel Security <security-kernel>
Status: CONFIRMED ---
Severity: normal
CC: andrzej.pauli, kernel, limanski, marci_r
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 591810    
Bug Blocks:    

Description Pacho Ramos gentoo-dev 2016-05-21 11:10:38 UTC
I was trying to find if Fedora people were able to backport the fixes for bug 583522 in Fedora22 but I couldn't find it :(

At least I found that any version before 4.4.11 is vulnerable to, at least, the two CVEs I list in the summary; hence, maybe it would be interesting to stabilize 4.4.11

Thanks
Comment 1 Mike Limansky 2016-06-25 21:50:05 UTC
And the kernels before 4.4.14 are affected by CVE-2016-4997. (http://www.openwall.com/lists/oss-security/2016/06/24/5)
Comment 2 Mike Limansky 2016-07-09 19:28:50 UTC
I've been using 4.4.14 for a week on a working laptop. No issues found compared with the current stable 4.4.6. Are there any blockers for this security bug?
Comment 3 Pacho Ramos gentoo-dev 2016-08-21 09:38:30 UTC
Well, there have been many more security fixes since I reported this... probably the best idea would be to stabilize 4.4.19 when it lands in the tree
Comment 4 Andreas Sturmlechner gentoo-dev 2016-08-21 14:41:19 UTC
4.4.19 is in tree since yesterday. Regressions do happen, but very rarely at that stage of LTS, so I guess stabilising it is not unreasonable.
Comment 5 Mike Limansky 2016-09-23 15:31:32 UTC
I've been using 4.4.19 for a month on amd64. No issues compared to 4.4.6 have been observed.